gittuf ☆

« Back to VersTracker

Description:
Security layer for Git repositories

Type: Formula | Latest Version: 0.12.0@0 | Tracked Since: Dec 25, 2025

Links: Homepage | formulae.brew.sh

Category: Security

Tags: security git supply-chain attestation devops compliance

Install: brew install gittuf

About:
gittuf is a security layer for Git that implements the RSL (Reference State Log) to create a tamper-resistant audit trail for repository operations. It enables cryptographic verification of Git history, branches, and tags, protecting against unauthorized changes and supply chain attacks. The tool integrates with existing Git workflows while adding robust attestation and policy enforcement capabilities.

Key Features:

Reference State Log (RSL) for immutable audit trail
Cryptographic verification of Git operations and history
Policy framework for access control and signing requirements
Backward compatible with standard Git repositories
Attestation support for provenance and metadata

Use Cases:

Securing software supply chains by verifying commit authenticity
Compliance auditing for regulated environments requiring Git traceability
Protecting critical branches (main, release) from unauthorized modifications
Establishing trust in collaborative open-source development workflows

Alternatives:

git-sshsign – Basic SSH signature verification without comprehensive audit trail
Sigstore – Focuses on artifact signing rather than Git workflow security
GPG signing – Manual signature verification without automated policy enforcement

Version History

Detected	Version	Change	Commit
Dec 25, 2025 6:01pm	0.12.0	VERSION_BUMP	86238aca
Sep 12, 2025 9:20am		VERSION_BUMP	e19da1a9
Sep 11, 2025 5:18pm		VERSION_BUMP	23124ad3
Dec 16, 2024 4:59pm		VERSION_BUMP	bc8706c1
Dec 11, 2024 5:10pm		VERSION_BUMP	cf18e3e5
Oct 2, 2024 12:44am		VERSION_BUMP	bacc8f68
Sep 12, 2024 4:51am		VERSION_BUMP	2062c17e
Jul 18, 2024 2:33am		VERSION_BUMP	00716ef6
Jan 17, 2024 11:06pm		VERSION_BUMP	1a53d791
Dec 15, 2023 10:46pm		VERSION_BUMP	2dd69206